Paytm Auto Debit Integration - Overview

Overview of the flow

The Auto Debit flow provides a single-click payment solution for customers. The merchant links the customer's account with the customer's Paytm-registered mobile number, which lets the merchant debit the required amount from the linked Paytm Wallet without any further intervention from the end user. This flow guarantees high success rates with short response times.

Customer Flow

Product Flow

APIs and their use cases

This section details the use cases of all APIs used in this payment gateway flow.

Revoke Access API (referred to again under the mandatory checks below): used to expire a user's token. The merchant can call this API whenever the customer deletes their account or logs in with a different mobile number. The merchant should also give the customer an option to discontinue the link between their merchant account and Paytm account.

Refund Status API: for terminal-state (success/fail) refund transactions, the merchant is required to re-verify the refund transaction status with this API. The status provided in the response should be treated as the final status of the refund transaction. Additionally, the merchant should match the transaction amount received with the amount sent in the refund transaction request API. In case of a mismatch, the merchant should mark the refund transaction as disputed and raise it with the KAM/helpdesk team.

In the event of a network failure or a genuine user dropout during the payment process, the response to the refund transaction request is not posted to the merchant. Hence, if the merchant does not receive the response after a considerable time has passed, it should query the status at regular intervals until the terminal status of the refund transaction is received.

Sometimes a "pending" status is received from banks and passed on to the merchant in the response. In these cases too, the merchant should query the status at regular intervals until the terminal status of the refund transaction is received.

Transaction Status API: for terminal-state (success/fail) transactions, the merchant is required to re-verify the transaction status with this API. The status provided in the response should be treated as the final status of the transaction. Additionally, the merchant should match the transaction amount received with the amount sent in the transaction request API. In case of a mismatch, the merchant should mark the transaction as disputed and raise it with the KAM/helpdesk team.

In the event of a network failure or a genuine user dropout during the payment process, the response to the transaction request is not posted to the merchant. Hence, if the merchant does not receive the response after a considerable time has passed, it should query the status at regular intervals until the terminal status of the transaction is received.

Sometimes a "pending" status is received from banks and passed on to the merchant in the response. In these cases too, the merchant should query the status at regular intervals until the terminal status of the transaction is received.

Verification of transaction response

In order to safeguard against request/response tampering, the merchant must verify the transaction/refund status in the following two ways:

Validation of the request/response via checksum: Paytm posts the transaction status to the merchant. From the posted parameters (all of them except Checksumhash), the merchant has to generate the Checksumhash at its end and compare it with the one received in the response. In case of a mismatch, the merchant should check the final details of the transaction with the Transaction Status API.

Reconciling the final status with the Transaction/Refund Status API: for terminal-state (success/fail) transactions (withdraw and add money), the merchant is required to re-verify the status of the transaction with the Transaction Status API. The status provided in the response should be treated as the final status of the transaction. Additionally, the merchant should match the transaction amount received with the one sent in the transaction request API. In case of a mismatch, the merchant should mark the transaction as disputed and raise it with the KAM/helpdesk team.

Checksumhash ensures the integrity of the request and is generated using the secret merchant key. The checksum is always generated on the merchant server (where the merchant key is kept) and is then passed to the client or directly to Paytm, depending on the flow. Server-side utility code for generating the checksumhash in popular development languages is available here.

The checksum must include all parameters, i.e. all mandatory and optional parameters that have been received or are being posted. If the merchant code is in Java, the merchant should pass a TreeMap of all parameters (parameter name as the TreeMap key) to the checksum utility method along with the key to generate CHECKSUMHASH.
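As an added example (not Paytm's own code or checksum utility), the merchant-side verification described above in Python: the checksum is recomputed over every posted parameter except CHECKSUMHASH and compared in constant time, then the order is reconciled against the status API, whose response is treated as final, polling while the status is pending and marking an amount mismatch as disputed. The HMAC-SHA256 checksum, the field names ORDERID, TXNAMOUNT and STATUS, the status values, and the query_status wrapper are assumptions standing in for Paytm's real utility and API.

```python
import hmac
import hashlib
from decimal import Decimal

# Assumption: placeholder for the secret merchant key, which lives only on the merchant server.
MERCHANT_KEY = b"placeholder-merchant-key"

def generate_checksum(params, key):
    """Assumed stand-in for Paytm's checksum utility (the real one differs): every
    parameter, mandatory or optional, sorted by name with CHECKSUMHASH excluded,
    keyed with the merchant key via HMAC-SHA256."""
    payload = "|".join(f"{k}={params[k]}" for k in sorted(params) if k != "CHECKSUMHASH")
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def checksum_matches(callback, key=MERCHANT_KEY):
    """Recompute the checksum over the posted parameters and compare in constant time."""
    received = callback.get("CHECKSUMHASH", "")
    return hmac.compare_digest(generate_checksum(callback, key), received)

def reconcile(status_response, requested_amount):
    """The status API response is final. Returns PENDING (keep polling), DISPUTED
    (amount differs from the request: raise with KAM/helpdesk) or the terminal status."""
    status = status_response["STATUS"]
    if status == "PENDING":
        return "PENDING"
    if Decimal(status_response["TXNAMOUNT"]) != Decimal(requested_amount):
        return "DISPUTED"
    return status

def settle_order(callback, requested_amount, query_status, max_polls=5, key=MERCHANT_KEY):
    """Merchant-side verification: checksum first, then reconcile with the status API
    (query_status is the merchant's wrapper around it), polling while pending.
    Returns (checksum_ok, outcome); the callback's own STATUS is never trusted."""
    checksum_ok = checksum_matches(callback, key)
    outcome = "PENDING"
    for _ in range(max_polls):
        outcome = reconcile(query_status(callback["ORDERID"]), requested_amount)
        if outcome != "PENDING":
            break
    return checksum_ok, outcome

if __name__ == "__main__":
    # Constructed sample: a genuine callback, and a status API that reports pending once.
    cb = {"ORDERID": "ORD-1", "TXNAMOUNT": "100.00", "STATUS": "SUCCESS"}
    cb["CHECKSUMHASH"] = generate_checksum(cb, MERCHANT_KEY)
    answers = iter([{"STATUS": "PENDING"}, {"STATUS": "SUCCESS", "TXNAMOUNT": "100"}])
    print(settle_order(cb, "100.00", lambda order_id: next(answers)))  # (True, 'SUCCESS')
```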

Staging & Production credentials for gateway integration

Staging credentials are provided after document and platform verification.

Production credentials are provided after the merchant has signed the agreement and complied with the integration checklist on the staging environment.

Mobile Number – 7777777777

Password – Paytm12345

OTP – 489871

After every 5 minutes, the Wallet balance is topped up to Rs. 7,000

Mandatory checks to be ensured by merchants with Auto-Debit flow

The mobile number used to link the Paytm account must be the same as the customer's login mobile number on the merchant's platform. This rules out scenarios in which a fraudulent customer links or consumes the Paytm account of another customer.

For a particular OTP, the merchant should call the OTP validation API only once.

The merchant should always validate a customer's token and not rely on the token expiry time, because a token can expire before its expiry time in many scenarios (for example, the customer logging out of the Paytm account).

Transactions via the Auto-Debit flow should be initiated by the customer. The merchant cannot take one-time permission from the user for subsequent transactions.

The merchant should give the customer a way to terminate the account link with the merchant app. This can be done with the Revoke Access API.

The merchant should provide the customer an option to resend the OTP, since the customer sometimes does not receive the OTP because of telecom network congestion. Additionally, the merchant should auto-read the OTP in its app.